Docker integration for WhiteSource Nexus

whitesource-ps / ws-nexus-integration

WhiteSource Nexus integration tool

Apache License 2.0

15 stars 8 forks source link

Docker integration for WhiteSource Nexus #32

Open danielnbalasoiu opened 2 years ago

danielnbalasoiu commented 2 years ago

I created a Dockerfile which might be useful for the Docker integration

danielnbalasoiu commented 2 years ago

No vulnerabilities found:

❯ docker scan ws-nexus:0.2.10a1-java-1.8-openjdk

Testing ws-nexus:0.2.10a1-java-1.8-openjdk...

Organization:      danielnbalasoiu
Package manager:   apk
Project name:      docker-image|ws-nexus
Docker image:      ws-nexus:0.2.10a1-java-1.8-openjdk
Platform:          linux/arm64
Licenses:          enabled

✔ Tested 70 dependencies for known issues, no vulnerable paths found.

tamari-oz commented 2 years ago

Hi Daniel,

Thanks for the contribution!

Docker image for this is surely a good addon. I tend to prefer WhiteSource official release images.

We'll review this approach and update soon.

In the meantime can you please sign the commit?

danielnbalasoiu commented 2 years ago

Hi,

The official docker image is scanning programming languages. The docker image I included was created only for the Nexus integration.

I don't have a valid GPG key to sign the commit at the moment but I'll generate it in a safe environment in a few days and get back to you.

I'm also planning on updating the Dockerfile and run ws-nexus-integration with an user with non-root permissions.